域组的 WCF 安全性 [英] WCF security with Domain Groups

问题描述

我有一个 WCF 服务，我想用 Windows 域组来保护它.我不想在代码中包含 PrincipalPermission 属性！

I have a WCF service which I would like to secure with windows domain groups. I do not want to include the PrincipalPermission attibute in the code!

我想使用应用程序池标识从 Web 应用程序调用服务.将检查此身份以确保它是保护 WCF 服务的域组的成员.所有这些都将在 config.yml 中定义.这似乎是一个非常巧妙的解决方案，除了..... 将域组定义为保护 WCF 服务似乎是不可能的.任何人都知道我如何做到这一点.

I would like to call the services from a web application using the application pool identity. This identity would be checked to ensure that it is a member of the domain group securing the WCF service. All of this would be defined in config. This seems like a really neat solution, except ..... defining the domain group as securing the WCF service does not seem possible. Anyone got any ideas how I might do this.

我正在使用 netTCPBinding(或命名管道，但更喜欢 netTCP)并在 Windows 2008 中的 IIS 中托管服务.

I am using netTCPBinding (or named pipes but prefer the netTCP) and hosting the service in IIS within windows 2008.

推荐答案

根据我的理解，您希望在设计时使用命令式检查而不是声明式检查.

As per my understanding , you want to use imperative checking than declarative checking at design time.

如果是这种情况，您可以在方法主体中使用命令式检查替换声明，例如

If thats the case you can replace the declaration with an imperative checing in the method body like

 PrincipalPermission checkPerminssions = new PrincipalPermission(
                                null, @"DomainName\WindowsGroup");


checkPerminssions .Demand();

您还可以使用 IPrincipal 接口使用 IsInRole 方法.

You can also use IsInRole method using IPrincipal Interface.

不过，您可以在授权

我很想知道你为什么要这样做.

I would love to know why you want to do that.

希望这会有所帮助.

这篇关于域组的 WCF 安全性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！